rpms/selinux-policy/devel policy-20060802.patch,1.12,1.13
fedora-cvs-commits at redhat.com
Sat Aug 19 13:09:34 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31446
Modified Files:
policy-20060802.patch
Log Message:
* Fri Aug 18 2006 Dan Walsh <dwalsh at redhat.com> 2.3.8-1
- Update from upstream
policy-20060802.patch:
mls | 9
modules/admin/amanda.fc | 51 ----
modules/admin/anaconda.te | 20 +
modules/admin/bootloader.te | 4
modules/admin/consoletype.te | 11 -
modules/admin/firstboot.te | 2
modules/admin/rpm.fc | 2
modules/admin/rpm.if | 13 -
modules/admin/usermanage.te | 5
modules/apps/java.fc | 9
modules/apps/mozilla.if | 2
modules/apps/wine.te | 2
modules/kernel/corecommands.fc | 1
modules/kernel/corecommands.if | 1
modules/kernel/corenetwork.te.in | 7
modules/kernel/devices.fc | 2
modules/kernel/devices.if | 37 +++
modules/kernel/devices.te | 8
modules/kernel/files.if | 18 +
modules/kernel/filesystem.te | 2
modules/kernel/kernel.if | 75 +++++++
modules/kernel/terminal.if | 19 +
modules/services/amavis.te | 7
modules/services/apache.te | 1
modules/services/avahi.te | 2
modules/services/bind.te | 1
modules/services/ccs.fc | 8
modules/services/ccs.if | 45 ++++
modules/services/ccs.te | 84 +++++++
modules/services/cpucontrol.te | 2
modules/services/cron.if | 17 +
modules/services/cron.te | 7
modules/services/cups.te | 19 +
modules/services/cyrus.te | 5
modules/services/dbus.if | 6
modules/services/dovecot.te | 2
modules/services/inn.te | 1
modules/services/ldap.te | 2
modules/services/mta.fc | 2
modules/services/ntp.te | 2
modules/services/oddjob.fc | 8
modules/services/oddjob.if | 76 +++++++
modules/services/oddjob.te | 70 ++++++
modules/services/oddjob_mkhomedir.fc | 6
modules/services/oddjob_mkhomedir.if | 24 ++
modules/services/oddjob_mkhomedir.te | 26 ++
modules/services/openvpn.te | 2
modules/services/pegasus.if | 31 ++
modules/services/pegasus.te | 5
modules/services/postfix.te | 7
modules/services/procmail.te | 1
modules/services/radius.te | 2
modules/services/ricci.fc | 20 +
modules/services/ricci.if | 184 +++++++++++++++++
modules/services/ricci.te | 373 +++++++++++++++++++++++++++++++++++
modules/services/rpc.if | 2
modules/services/rpc.te | 5
modules/services/samba.te | 8
modules/services/setroubleshoot.fc | 9
modules/services/setroubleshoot.if | 3
modules/services/setroubleshoot.te | 110 ++++++++++
modules/services/spamassassin.te | 4
modules/services/squid.te | 4
modules/services/ssh.if | 24 ++
modules/services/sysstat.te | 3
modules/services/xserver.if | 69 ++++++
modules/services/xserver.te | 19 +
modules/system/authlogin.if | 42 ++-
modules/system/authlogin.te | 19 +
modules/system/fstools.te | 1
modules/system/hostname.te | 10
modules/system/init.if | 7
modules/system/init.te | 2
modules/system/libraries.fc | 7
modules/system/locallogin.te | 4
modules/system/logging.fc | 3
modules/system/logging.if | 21 +
modules/system/logging.te | 3
modules/system/lvm.fc | 2
modules/system/lvm.te | 6
modules/system/miscfiles.fc | 1
modules/system/miscfiles.if | 18 +
modules/system/modutils.te | 1
modules/system/mount.te | 3
modules/system/selinuxutil.te | 15 +
modules/system/udev.fc | 1
modules/system/udev.te | 1
modules/system/unconfined.if | 2
modules/system/unconfined.te | 5
modules/system/userdomain.if | 236 +++++++++++++++-------
modules/system/userdomain.te | 48 ++--
modules/system/xen.if | 38 +++
modules/system/xen.te | 26 +-
93 files changed, 1869 insertions(+), 261 deletions(-)
Index: policy-20060802.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060802.patch,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- policy-20060802.patch 19 Aug 2006 03:14:46 -0000 1.12
+++ policy-20060802.patch 19 Aug 2006 13:09:31 -0000 1.13
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.8/policy/mls
--- nsaserefpolicy/policy/mls 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.8/policy/mls 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/mls 2006-08-18 23:12:03.000000000 -0400
@@ -184,19 +184,12 @@
( t2 == mlstrustedobject ));
@@ -24,7 +24,7 @@
(( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-2.3.8/policy/modules/admin/amanda.fc
--- nsaserefpolicy/policy/modules/admin/amanda.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/amanda.fc 2006-08-18 08:12:54.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/amanda.fc 2006-08-18 23:12:03.000000000 -0400
@@ -9,62 +9,13 @@
/tmp/amanda(/.*)? gen_context(system_u:object_r:amanda_tmp_t,s0)
@@ -91,7 +91,7 @@
/var/lib/amanda/index gen_context(system_u:object_r:amanda_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.8/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/anaconda.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/anaconda.te 2006-08-18 23:12:03.000000000 -0400
@@ -25,8 +25,12 @@
modutils_domtrans_insmod(anaconda_t)
@@ -136,7 +136,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.8/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/bootloader.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/bootloader.te 2006-08-18 23:12:03.000000000 -0400
@@ -83,8 +83,10 @@
dev_read_rand(bootloader_t)
dev_read_urand(bootloader_t)
@@ -151,7 +151,7 @@
fs_getattr_tmpfs(bootloader_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.8/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/consoletype.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/consoletype.te 2006-08-18 23:12:03.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -176,7 +176,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.8/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/firstboot.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/firstboot.te 2006-08-18 23:12:03.000000000 -0400
@@ -106,7 +106,7 @@
')
@@ -186,10 +186,9 @@
')
optional_policy(`
-Binary files nsaserefpolicy/policy/modules/admin/prelink.te and serefpolicy-2.3.8/policy/modules/admin/prelink.te differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.8/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/rpm.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/rpm.fc 2006-08-18 23:12:03.000000000 -0400
@@ -19,6 +19,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -201,7 +200,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.8/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/rpm.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/rpm.if 2006-08-18 23:12:03.000000000 -0400
@@ -75,12 +75,13 @@
')
@@ -224,7 +223,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.8/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/admin/usermanage.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/admin/usermanage.te 2006-08-18 23:12:03.000000000 -0400
@@ -260,7 +260,7 @@
')
@@ -253,7 +252,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.8/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-07-14 17:04:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/apps/java.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/apps/java.fc 2006-08-18 23:12:03.000000000 -0400
@@ -1,7 +1,7 @@
#
# /opt
@@ -276,7 +275,7 @@
+/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.3.8/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2006-08-16 08:46:26.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/apps/mozilla.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/apps/mozilla.if 2006-08-18 23:12:03.000000000 -0400
@@ -63,6 +63,7 @@
allow $1_mozilla_t self:unix_stream_socket { listen accept };
# Browse the web, connect to printer
@@ -295,7 +294,7 @@
sysnet_dns_name_resolve($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.3.8/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2006-07-14 17:04:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/apps/wine.te 2006-08-18 09:59:13.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/apps/wine.te 2006-08-18 23:12:03.000000000 -0400
@@ -18,7 +18,7 @@
#
@@ -307,7 +306,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.8/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/corecommands.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/corecommands.fc 2006-08-18 23:12:03.000000000 -0400
@@ -62,6 +62,7 @@
/etc/X11/xinit(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -318,7 +317,7 @@
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.8/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/corecommands.if 2006-08-18 08:37:47.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/corecommands.if 2006-08-18 23:12:03.000000000 -0400
@@ -950,6 +950,7 @@
allow $1 exec_type:file manage_file_perms;
@@ -329,7 +328,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.8/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/corenetwork.te.in 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/corenetwork.te.in 2006-08-18 23:12:03.000000000 -0400
@@ -67,12 +67,14 @@
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
@@ -372,7 +371,7 @@
network_port(spamd, tcp,783,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.8/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/devices.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/devices.fc 2006-08-18 23:12:03.000000000 -0400
@@ -37,7 +37,7 @@
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
@@ -384,7 +383,7 @@
/dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.3.8/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/devices.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/devices.if 2006-08-18 23:12:03.000000000 -0400
@@ -2992,3 +2992,40 @@
typeattribute $1 devices_unconfined_type;
@@ -428,7 +427,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.3.8/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/devices.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/devices.te 2006-08-18 23:12:03.000000000 -0400
@@ -72,6 +72,12 @@
dev_node(lvm_control_t)
@@ -453,7 +452,7 @@
dev_node(xen_device_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.8/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/files.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/files.if 2006-08-18 23:12:03.000000000 -0400
@@ -2934,6 +2934,24 @@
########################################
@@ -481,7 +480,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.8/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/filesystem.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/filesystem.te 2006-08-18 23:12:03.000000000 -0400
@@ -24,6 +24,7 @@
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
@@ -500,7 +499,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.8/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-08-16 08:46:26.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/kernel.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/kernel.if 2006-08-18 23:12:03.000000000 -0400
@@ -1443,6 +1443,42 @@
########################################
@@ -589,7 +588,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.8/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/kernel/terminal.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/kernel/terminal.if 2006-08-18 23:12:03.000000000 -0400
@@ -308,6 +308,7 @@
type devpts_t;
')
@@ -622,7 +621,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.8/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-08-16 08:46:29.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/amavis.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/amavis.te 2006-08-18 23:12:03.000000000 -0400
@@ -62,10 +62,12 @@
allow amavis_t amavis_quarantine_t:dir create_dir_perms;
@@ -654,7 +653,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.8/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/apache.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/apache.te 2006-08-18 23:12:03.000000000 -0400
@@ -272,7 +272,6 @@
sysnet_read_config(httpd_t)
@@ -665,7 +664,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.3.8/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/avahi.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/avahi.te 2006-08-18 23:12:03.000000000 -0400
@@ -63,6 +63,7 @@
domain_use_interactive_fds(avahi_t)
@@ -684,7 +683,7 @@
userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.8/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2006-08-16 08:46:29.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/bind.te 2006-08-18 07:39:17.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/bind.te 2006-08-18 23:12:03.000000000 -0400
@@ -218,6 +218,7 @@
allow ndc_t self:netlink_route_socket r_netlink_socket_perms;
@@ -695,7 +694,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.8/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/ccs.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ccs.fc 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,8 @@
+# ccs executable will have:
+# label: system_u:object_r:ccs_exec_t
@@ -707,7 +706,7 @@
+/etc/cluster(/.*)? gen_context(system_u:object_r:cluster_conf_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.8/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/ccs.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ccs.if 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,45 @@
+## <summary>policy for ccs</summary>
+
@@ -756,7 +755,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.8/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/ccs.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ccs.te 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,84 @@
+policy_module(ccs,1.0.0)
+
@@ -844,7 +843,7 @@
+allow ccs_t cluster_conf_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cpucontrol.te serefpolicy-2.3.8/policy/modules/services/cpucontrol.te
--- nsaserefpolicy/policy/modules/services/cpucontrol.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/cpucontrol.te 2006-08-18 08:27:31.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/cpucontrol.te 2006-08-18 23:12:03.000000000 -0400
@@ -25,7 +25,7 @@
# CPU microcode loader local policy
#
@@ -856,7 +855,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.8/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2006-08-18 07:32:40.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/cron.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/cron.if 2006-08-18 23:12:03.000000000 -0400
@@ -181,6 +181,7 @@
allow $1_crontab_t $2:fd use;
allow $1_crontab_t $2:fifo_file rw_file_perms;
@@ -909,7 +908,7 @@
allow $1 system_crond_t:process sigchld;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.8/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-08-18 07:32:40.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/cron.te 2006-08-18 10:08:53.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/cron.te 2006-08-18 23:12:03.000000000 -0400
@@ -146,6 +146,8 @@
')
')
@@ -940,7 +939,7 @@
# via redirection of standard out.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.8/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/cups.te 2006-08-18 08:13:44.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/cups.te 2006-08-18 23:12:03.000000000 -0400
@@ -74,13 +74,14 @@
#
@@ -1010,7 +1009,7 @@
fs_search_auto_mountpoints(hplip_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.3.8/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/cyrus.te 2006-08-18 10:00:48.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/cyrus.te 2006-08-18 23:12:03.000000000 -0400
@@ -69,6 +69,7 @@
corenet_udp_sendrecv_all_ports(cyrus_t)
corenet_tcp_bind_all_nodes(cyrus_t)
@@ -1029,7 +1028,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.8/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/dbus.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/dbus.if 2006-08-18 23:12:03.000000000 -0400
@@ -123,6 +123,7 @@
selinux_compute_relabel_context($1_dbusd_t)
selinux_compute_user_contexts($1_dbusd_t)
@@ -1052,7 +1051,7 @@
#######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.8/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/dovecot.te 2006-08-18 08:30:41.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/dovecot.te 2006-08-18 23:12:03.000000000 -0400
@@ -168,7 +168,7 @@
# Allow dovecot to create and read SSL parameters file
allow dovecot_t dovecot_var_lib_t:dir rw_dir_perms;
@@ -1064,7 +1063,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-2.3.8/policy/modules/services/inn.te
--- nsaserefpolicy/policy/modules/services/inn.te 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/inn.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/inn.te 2006-08-18 23:12:03.000000000 -0400
@@ -36,6 +36,7 @@
allow innd_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow innd_t self:tcp_socket create_stream_socket_perms;
@@ -1075,7 +1074,7 @@
allow innd_t innd_etc_t:dir r_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.8/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/ldap.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ldap.te 2006-08-18 23:12:03.000000000 -0400
@@ -72,7 +72,7 @@
allow slapd_t slapd_var_run_t:file create_file_perms;
@@ -1087,7 +1086,7 @@
kernel_read_kernel_sysctls(slapd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-2.3.8/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/mta.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/mta.fc 2006-08-18 23:12:03.000000000 -0400
@@ -2,6 +2,8 @@
/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0)
/etc/aliases\.db -- gen_context(system_u:object_r:etc_aliases_t,s0)
@@ -1099,7 +1098,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.8/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/ntp.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ntp.te 2006-08-18 23:12:03.000000000 -0400
@@ -32,7 +32,7 @@
# sys_resource and setrlimit is for locking memory
@@ -1111,7 +1110,7 @@
allow ntpd_t self:fifo_file { read write getattr };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.8/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/oddjob.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/oddjob.fc 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,8 @@
+# oddjob executable will have:
+# label: system_u:object_r:oddjob_exec_t
@@ -1123,7 +1122,7 @@
+/usr/lib/oddjobd gen_context(system_u:object_r:oddjob_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.8/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/oddjob.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/oddjob.if 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,76 @@
+## <summary>policy for oddjob</summary>
+
@@ -1203,7 +1202,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.fc
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.fc 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,6 @@
+# oddjob_mkhomedir executable will have:
+# label: system_u:object_r:oddjob_mkhomedir_exec_t
@@ -1213,7 +1212,7 @@
+/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.if
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.if 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,24 @@
+## <summary>policy for oddjob_mkhomedir</summary>
+
@@ -1241,7 +1240,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.te
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/oddjob_mkhomedir.te 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,26 @@
+policy_module(oddjob_mkhomedir,1.0.0)
+
@@ -1271,7 +1270,7 @@
+allow oddjob_mkhomedir_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.8/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/oddjob.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/oddjob.te 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,70 @@
+policy_module(oddjob,1.0.0)
+
@@ -1345,7 +1344,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.3.8/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/openvpn.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/openvpn.te 2006-08-18 23:12:03.000000000 -0400
@@ -33,7 +33,7 @@
allow openvpn_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow openvpn_t self:udp_socket create_socket_perms;
@@ -1357,7 +1356,7 @@
allow openvpn_t openvpn_etc_t:file r_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.8/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/pegasus.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/pegasus.if 2006-08-18 23:12:03.000000000 -0400
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -1393,7 +1392,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.8/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/pegasus.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/pegasus.te 2006-08-18 23:12:03.000000000 -0400
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -1412,7 +1411,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.8/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/postfix.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/postfix.te 2006-08-18 23:12:03.000000000 -0400
@@ -250,6 +250,7 @@
allow postfix_cleanup_t postfix_spool_t:lnk_file create_lnk_perms;
@@ -1450,7 +1449,7 @@
postgrey_stream_connect(postfix_smtpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.8/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/procmail.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/procmail.te 2006-08-18 23:12:03.000000000 -0400
@@ -29,6 +29,7 @@
kernel_read_kernel_sysctls(procmail_t)
@@ -1461,7 +1460,7 @@
corenet_tcp_sendrecv_all_nodes(procmail_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.3.8/policy/modules/services/radius.te
--- nsaserefpolicy/policy/modules/services/radius.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/radius.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/radius.te 2006-08-18 23:12:03.000000000 -0400
@@ -31,7 +31,7 @@
# gzip also needs chown access to preserve GID for radwtmp files
allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config };
@@ -1473,7 +1472,7 @@
allow radiusd_t self:tcp_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.8/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/ricci.fc 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ricci.fc 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,20 @@
+# ricci executable will have:
+# label: system_u:object_r:ricci_exec_t
@@ -1497,7 +1496,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.8/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/ricci.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ricci.if 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,184 @@
+## <summary>policy for ricci</summary>
+
@@ -1685,7 +1684,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.8/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/ricci.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ricci.te 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,373 @@
+policy_module(ricci,1.0.0)
+
@@ -2062,7 +2061,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.3.8/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/rpc.if 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/rpc.if 2006-08-18 23:12:03.000000000 -0400
@@ -51,6 +51,8 @@
kernel_rw_rpc_sysctls($1_t)
@@ -2074,7 +2073,7 @@
corenet_tcp_sendrecv_all_if($1_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.8/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/rpc.te 2006-08-18 07:38:02.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/rpc.te 2006-08-18 23:12:03.000000000 -0400
@@ -48,9 +48,6 @@
# for rpc.rquotad
kernel_read_sysctl(rpcd_t)
@@ -2096,7 +2095,7 @@
fs_read_rpc_files(gssd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.3.8/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/samba.te 2006-08-18 08:23:31.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/samba.te 2006-08-18 23:12:03.000000000 -0400
@@ -171,7 +171,7 @@
#
# smbd Local policy
@@ -2135,7 +2134,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-2.3.8/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/setroubleshoot.fc 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/setroubleshoot.fc 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,9 @@
+# setroubleshoot executables
+
@@ -2148,14 +2147,14 @@
+/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-2.3.8/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/setroubleshoot.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/setroubleshoot.if 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,3 @@
+## <summary>policy for setroubleshoot</summary>
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.8/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.8/policy/modules/services/setroubleshoot.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/setroubleshoot.te 2006-08-18 23:12:03.000000000 -0400
@@ -0,0 +1,110 @@
+policy_module(setroubleshoot,1.0.0)
+
@@ -2269,7 +2268,7 @@
+files_dontaudit_search_src(setroubleshootd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.8/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/spamassassin.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/spamassassin.te 2006-08-18 23:12:03.000000000 -0400
@@ -193,3 +193,7 @@
optional_policy(`
udev_read_db(spamd_t)
@@ -2280,7 +2279,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.3.8/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/squid.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/squid.te 2006-08-18 23:12:03.000000000 -0400
@@ -28,9 +28,9 @@
# Local policy
#
@@ -2295,7 +2294,7 @@
allow squid_t self:fd use;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.3.8/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/ssh.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/ssh.if 2006-08-18 23:12:03.000000000 -0400
@@ -711,3 +711,27 @@
dontaudit $1 sshd_key_t:file { getattr read };
@@ -2326,7 +2325,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-2.3.8/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/sysstat.te 2006-08-18 08:24:27.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/sysstat.te 2006-08-18 23:12:03.000000000 -0400
@@ -36,6 +36,8 @@
kernel_read_fs_sysctls(sysstat_t)
kernel_read_rpc_sysctls(sysstat_t)
@@ -2346,7 +2345,7 @@
init_use_script_ptys(sysstat_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.8/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/xserver.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/xserver.if 2006-08-18 23:12:03.000000000 -0400
@@ -45,7 +45,6 @@
allow $1_xserver_t self:capability { dac_override fsetid setgid setuid ipc_owner sys_rawio sys_admin sys_nice sys_tty_config mknod net_bind_service };
dontaudit $1_xserver_t self:capability chown;
@@ -2453,7 +2452,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.8/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/services/xserver.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/services/xserver.te 2006-08-18 23:12:03.000000000 -0400
@@ -81,15 +81,19 @@
#
@@ -2531,7 +2530,7 @@
unconfined_domtrans(xdm_xserver_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.3.8/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2006-08-18 07:32:40.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/authlogin.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/authlogin.if 2006-08-18 23:12:03.000000000 -0400
@@ -128,6 +128,7 @@
# Transition from the user domain to this domain.
domain_auto_trans($2,chkpwd_exec_t,$1_chkpwd_t)
@@ -2704,7 +2703,7 @@
miscfiles_read_certs($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.3.8/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2006-08-18 07:32:40.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/authlogin.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/authlogin.te 2006-08-18 23:12:03.000000000 -0400
@@ -93,10 +93,9 @@
allow pam_t pam_var_run_t:dir { search getattr read write remove_name };
@@ -2764,7 +2763,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.8/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/fstools.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/fstools.te 2006-08-18 23:12:03.000000000 -0400
@@ -111,6 +111,7 @@
corecmd_read_sbin_files(fsadm_t)
corecmd_read_sbin_pipes(fsadm_t)
@@ -2775,7 +2774,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.8/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/hostname.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/hostname.te 2006-08-18 23:12:03.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -2800,7 +2799,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.3.8/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/init.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/init.if 2006-08-18 23:12:03.000000000 -0400
@@ -158,13 +158,6 @@
allow $1 initrc_t:fifo_file rw_file_perms;
allow $1 initrc_t:process sigchld;
@@ -2817,7 +2816,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.8/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/init.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/init.te 2006-08-18 23:12:03.000000000 -0400
@@ -357,6 +357,8 @@
logging_read_audit_config(initrc_t)
@@ -2829,7 +2828,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.8/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/libraries.fc 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/libraries.fc 2006-08-18 23:12:03.000000000 -0400
@@ -97,6 +97,8 @@
/usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0)
@@ -2860,7 +2859,7 @@
/usr/lib(64)?/libgsm\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.3.8/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/locallogin.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/locallogin.te 2006-08-18 23:12:03.000000000 -0400
@@ -47,7 +47,7 @@
allow local_login_t self:sem create_sem_perms;
allow local_login_t self:msgq create_msgq_perms;
@@ -2881,7 +2880,7 @@
dev_getattr_mouse_dev(local_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.8/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/logging.fc 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/logging.fc 2006-08-18 23:12:03.000000000 -0400
@@ -38,3 +38,6 @@
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
@@ -2891,7 +2890,7 @@
+/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.3.8/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/logging.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/logging.if 2006-08-18 23:12:03.000000000 -0400
@@ -553,3 +553,24 @@
allow $1 var_log_t:dir rw_dir_perms;
allow $1 var_log_t:file create_file_perms;
@@ -2919,7 +2918,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.8/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/logging.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/logging.te 2006-08-18 23:12:03.000000000 -0400
@@ -120,9 +120,10 @@
allow auditd_t auditd_log_t:lnk_file create_lnk_perms;
allow auditd_t var_log_t:dir search;
@@ -2932,9 +2931,55 @@
kernel_read_kernel_sysctls(auditd_t)
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.3.8/policy/modules/system/lvm.fc
+--- nsaserefpolicy/policy/modules/system/lvm.fc 2006-07-14 17:04:44.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/lvm.fc 2006-08-18 23:50:13.000000000 -0400
+@@ -14,7 +14,6 @@
+
+ /etc/lvmtab(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
+ /etc/lvmtab\.d(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
+-
+ #
+ # /lib
+ #
+@@ -88,3 +87,4 @@
+ /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
+
+ /var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
++/var/run/multipathd.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.3.8/policy/modules/system/lvm.te
+--- nsaserefpolicy/policy/modules/system/lvm.te 2006-08-02 10:34:08.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/lvm.te 2006-08-18 23:52:13.000000000 -0400
+@@ -125,7 +125,7 @@
+
+ # DAC overrides and mknod for modifying /dev entries (vgmknodes)
+ # rawio needed for dmraid
+-allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio };
++allow lvm_t self:capability { dac_override fowner ipc_lock sys_admin sys_nice mknod chown sys_resource sys_rawio net_admin };
+ dontaudit lvm_t self:capability sys_tty_config;
+ allow lvm_t self:process { sigchld sigkill sigstop signull signal };
+ # LVM will complain a lot if it cannot set its priority.
+@@ -133,6 +133,7 @@
+ allow lvm_t self:file rw_file_perms;
+ allow lvm_t self:fifo_file rw_file_perms;
+ allow lvm_t self:unix_dgram_socket create_socket_perms;
++allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
+
+ allow lvm_t lvm_tmp_t:dir create_dir_perms;
+ allow lvm_t lvm_tmp_t:file create_file_perms;
+@@ -152,7 +153,8 @@
+
+ allow lvm_t lvm_var_run_t:file create_file_perms;
+ allow lvm_t lvm_var_run_t:dir create_dir_perms;
+-files_pid_filetrans(lvm_t,lvm_var_run_t,file)
++allow lvm_t lvm_var_run_t:sock_file create_file_perms;
++files_pid_filetrans(lvm_t,lvm_var_run_t,{ file sock_file })
+
+ allow lvm_t lvm_etc_t:file r_file_perms;
+ allow lvm_t lvm_etc_t:lnk_file r_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.3.8/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/miscfiles.fc 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/miscfiles.fc 2006-08-18 23:12:03.000000000 -0400
@@ -9,6 +9,7 @@
# /etc
#
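Review bot: The `net_admin` added to the `lvm_t` capability set in the lvm.te section has no stated reason, while the comments directly above it explain `dac_override`/`mknod` and `sys_rawio`. CAP_NET_ADMIN covers interface, routing and firewall configuration, so the grant needs a why-comment, for example `# net_admin: presumably for the kobject uevent netlink socket added below; confirm against the AVC denial`, so that it can be dropped if the denial turns out to be harmless. Separately, the new lvm.fc entry `/var/run/multipathd.sock` leaves the dot unescaped, unlike `/etc/lvmtab\.d` in the same file. Writing it as `/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)` keeps the label from matching any other single character in that position.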
@@ -2945,7 +2990,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-2.3.8/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/miscfiles.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/miscfiles.if 2006-08-18 23:12:03.000000000 -0400
@@ -116,6 +116,24 @@
########################################
@@ -2973,7 +3018,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.3.8/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/modutils.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/modutils.te 2006-08-18 23:12:03.000000000 -0400
@@ -183,6 +183,7 @@
fs_getattr_xattr_fs(depmod_t)
@@ -2984,7 +3029,7 @@
corecmd_search_sbin(depmod_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.8/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/mount.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/mount.te 2006-08-18 23:12:03.000000000 -0400
@@ -80,6 +80,7 @@
files_read_isid_type_files(mount_t)
# For reading cert files
@@ -3004,7 +3049,7 @@
ifdef(`distro_redhat',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.8/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/selinuxutil.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/selinuxutil.te 2006-08-18 23:12:03.000000000 -0400
@@ -355,6 +355,8 @@
kernel_relabelfrom_unlabeled_symlinks(restorecon_t)
kernel_relabelfrom_unlabeled_pipes(restorecon_t)
@@ -3050,7 +3095,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-2.3.8/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/udev.fc 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/udev.fc 2006-08-18 23:12:03.000000000 -0400
@@ -1,5 +1,6 @@
# udev
@@ -3060,7 +3105,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.3.8/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/udev.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/udev.te 2006-08-18 23:12:03.000000000 -0400
@@ -129,6 +129,7 @@
mls_file_upgrade(udev_t)
mls_file_downgrade(udev_t)
@@ -3071,7 +3116,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.8/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/unconfined.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/unconfined.if 2006-08-18 23:12:03.000000000 -0400
@@ -20,6 +20,7 @@
# Use any Linux capability.
allow $1 self:capability *;
@@ -3090,7 +3135,7 @@
selinux_unconfined($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.8/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/unconfined.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/unconfined.te 2006-08-18 23:12:03.000000000 -0400
@@ -195,4 +195,9 @@
ifdef(`targeted_policy',`
allow unconfined_execmem_t self:process { execstack execmem };
@@ -3103,7 +3148,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.8/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/userdomain.if 2006-08-18 07:42:56.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/userdomain.if 2006-08-18 23:33:46.000000000 -0400
@@ -8,11 +8,10 @@
## <desc>
## <p>
@@ -3255,7 +3300,10 @@
- allow $1_t self:process execmem;
- ')
+ sysnet_dns_name_resolve($1_t)
-+
+
+- tunable_policy(`allow_execmem && allow_execstack',`
+- # Allow making the stack executable via mprotect.
+- allow $1_t self:process execstack;
+')
+#######################################
+## <summary>
@@ -3280,10 +3328,7 @@
+## </param>
+#
+template(`base_login_user_template',`
-
-- tunable_policy(`allow_execmem && allow_execstack',`
-- # Allow making the stack executable via mprotect.
-- allow $1_t self:process execstack;
++
+ gen_require(`
+ attribute $1_file_type;
+ attribute home_dir_type, home_type;
@@ -3353,56 +3398,7 @@
canna_stream_connect($1_t)
')
-@@ -346,6 +392,26 @@
- ')
-
- optional_policy(`
-+ dictd_tcp_connect($1_t)
-+ ')
-+
-+ optional_policy(`
-+ tunable_policy(`ftpd_is_daemon',`
-+ ftp_tcp_connect($1_t)
-+ ')
-+ ')
-+
-+ optional_policy(`
-+ finger_tcp_connect($1_t)
-+ ')
-+
-+ optional_policy(`
-+ i18n_use($1_t)
-+ ')
-+
-+ optional_policy(`
-+ inetd_tcp_connect($1_t)
-+ inetd_udp_send($1_t)
- inetd_use_fds($1_t)
- inetd_rw_tcp_sockets($1_t)
- ')
-@@ -357,6 +423,10 @@
- ')
-
- optional_policy(`
-+ jabber_tcp_connect($1_t)
-+ ')
-+
-+ optional_policy(`
- mta_rw_spool($1_t)
- ')
-
-@@ -373,6 +443,10 @@
- ')
-
- optional_policy(`
-+ nessus_tcp_connect($1_t)
-+ ')
-+
-+ optional_policy(`
- nscd_socket_use($1_t)
- ')
-
-@@ -426,8 +500,10 @@
+@@ -426,8 +472,10 @@
xserver_stream_connect_xdm($1_t)
# certain apps want to read xdm.pid file
xserver_read_xdm_pid($1_t)
@@ -3413,7 +3409,7 @@
')
')
-@@ -457,6 +533,7 @@
+@@ -457,6 +505,7 @@
# Inherit rules for ordinary users.
base_user_template($1)
@@ -3421,7 +3417,7 @@
typeattribute $1_t unpriv_userdomain;
domain_interactive_fd($1_t)
-@@ -477,9 +554,6 @@
+@@ -477,9 +526,6 @@
# Local policy
#
@@ -3431,7 +3427,7 @@
# Rules used to associate a homedir as a mountpoint
allow $1_home_t self:filesystem associate;
allow $1_file_type $1_home_t:filesystem associate;
-@@ -491,10 +565,6 @@
+@@ -491,10 +537,6 @@
allow privhome $1_home_t:sock_file create_file_perms;
allow privhome $1_home_t:fifo_file create_file_perms;
type_transition privhome $1_home_dir_t:{ dir notdevfile_class_set } $1_home_t;
@@ -3442,7 +3438,7 @@
dev_read_sysfs($1_t)
corecmd_exec_all_executables($1_t)
-@@ -502,11 +572,8 @@
+@@ -502,11 +544,8 @@
# port access is audited even if dac would not have allowed it, so dontaudit it here
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
@@ -3455,7 +3451,7 @@
# Read directories and files with the readable_t type.
# This type is a general type for "world"-readable files.
files_list_world_readable($1_t)
-@@ -514,8 +581,6 @@
+@@ -514,8 +553,6 @@
files_read_world_readable_symlinks($1_t)
files_read_world_readable_pipes($1_t)
files_read_world_readable_sockets($1_t)
@@ -3464,7 +3460,7 @@
init_read_utmp($1_t)
# The library functions always try to open read-write first,
-@@ -621,6 +686,8 @@
+@@ -621,6 +658,8 @@
# do not audit read on disk devices
dontaudit $1_t { removable_device_t fixed_disk_device_t }:blk_file read;
@@ -3473,7 +3469,7 @@
ifdef(`xdm.te', `
allow xdm_t $1_home_t:lnk_file read;
-@@ -657,8 +724,6 @@
+@@ -657,8 +696,6 @@
# Do not audit write denials to /etc/ld.so.cache.
dontaudit $1_t ld_so_cache_t:file write;
@@ -3482,7 +3478,7 @@
allow $1_t initrc_t:fifo_file write;
') dnl end TODO
')
-@@ -704,6 +769,7 @@
+@@ -704,6 +741,7 @@
# Inherit rules for ordinary users.
base_user_template($1)
@@ -3490,7 +3486,7 @@
typeattribute $1_t privhome;
domain_obj_id_change_exemption($1_t)
-@@ -736,11 +802,6 @@
+@@ -736,11 +774,6 @@
allow $1_t self:netlink_audit_socket nlmsg_readpriv;
@@ -3502,7 +3498,7 @@
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
-@@ -806,6 +867,7 @@
+@@ -806,6 +839,7 @@
domain_getattr_all_sockets($1_t)
files_exec_usr_src_files($1_t)
@@ -3510,7 +3506,7 @@
init_rw_initctl($1_t)
-@@ -3359,6 +3421,25 @@
+@@ -3359,6 +3393,25 @@
########################################
## <summary>
@@ -3536,7 +3532,7 @@
## Read files in the staff users home directory.
## </summary>
## <param name="domain">
-@@ -4079,7 +4160,7 @@
+@@ -4079,7 +4132,7 @@
gen_require(`
type user_home_dir_t;
')
@@ -3545,7 +3541,7 @@
files_home_filetrans($1,user_home_dir_t,dir)
')
-@@ -4740,3 +4821,34 @@
+@@ -4740,3 +4793,34 @@
allow $1 user_home_dir_t:dir create_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -3582,7 +3578,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.8/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/userdomain.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/userdomain.te 2006-08-18 23:36:36.000000000 -0400
@@ -56,14 +56,6 @@
# Local policy
#
@@ -3665,18 +3661,7 @@
', `
logging_manage_audit_log(sysadm_t)
logging_manage_audit_config(sysadm_t)
-@@ -417,6 +413,10 @@
- ')
-
- optional_policy(`
-+ radius_use(sysadm_t,sysadm_r,admin_terminal)
-+ ')
-+
-+ optional_policy(`
- rpm_run(sysadm_t,sysadm_r,admin_terminal)
- ')
-
-@@ -439,11 +439,11 @@
+@@ -439,11 +435,11 @@
selinux_set_parameters(secadm_t)
seutil_manage_bin_policy(secadm_t)
@@ -3695,7 +3680,7 @@
selinux_set_boolean(sysadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.3.8/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/xen.if 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/xen.if 2006-08-18 23:12:03.000000000 -0400
@@ -127,3 +127,41 @@
allow xm_t $1:fifo_file rw_file_perms;
allow xm_t $1:process sigchld;
@@ -3740,7 +3725,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.8/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.8/policy/modules/system/xen.te 2006-08-18 07:38:03.000000000 -0400
++++ serefpolicy-2.3.8/policy/modules/system/xen.te 2006-08-18 23:12:03.000000000 -0400
@@ -69,7 +69,10 @@
#